Services.exe tried to modify....

Hi there,
Got an alert from PG :-
c:\windows\system32\services.exe [988] Tried to modify an existing driver/service named navex15
c:\windows\system32\services.exe [988] Tried to modify an existing driver/service named naveng

Forgot to say that this is my AV updating.

This is because i removed the "allow driver/service install" feature as recomended,but the alert says "Modify" not "Install". I have the feature "allow modify" checked,so why can't it modify? and if it can't modify is there any point having this feature checked.

Thanks

TonyJL

 

Although I can't answer you're question why it can't modify the driver ... but I'd guess it's because the process would involve installing a new driver for NAV.

You could temporarily allow it, while running Live Update if the need arises.

The whole Notice - can be read here

 

Yes do do that, but not when my security apps do their auto updates,in which case i have to reboot if i get the msg because it's "already updated",then allow the feature,then update. Which can get to be a right pain sometimes, especially when your in the middle of something.

Anyway,thanks for the reply,shall i remove "allow modify" or doesn't it really matter??

Thanks

TonyJL

 

I would leave it with the allow modify protected apps. I believe that is the way it is set as default.

Steve

 

Just to add ... although it's a bit of a pain in your case. I believe the basic premise for removing the allow drivers flag from services ... is that malware could use services.exe to bypass PG's driver/rootkit protection by using it, instead of attempting to install the drivers etc. directly. So even though you find it a bit of a pain, IMHO you're better off tolerating it, and ensuring your protection in this area of PG.

Regards,

Steve

 

I do agree with you fully but..

I've just been thinking ya know,for malware to install anything,haven't they first got to launch which you would (or should) block with PG. Or am i missing something? (i'm no computer wizkid so...)

TonyJL

 

I run NAV and PG also and don't run into this problem. The NAV update files are in the /Program Files/Symantec folder. Make sure each of them is in your protected tab, and have the 'install driver/services' option ticked.

 

Hi Vikorr,which version of norton do you have? i have v2003 it's in the protection lists but i have never had an alert about them trying install drivers,the only one that does need it is lucumserver_2_6.exe.

Thanks

 

I'm running NAV corporate edition. I have Lucomserver.exe and Luall.exe both marked for install drivers/services.

They do modify the drivers each time.

The easiest way though, would be to run PG in learning mode when you update. Should get rid of all the problems (I installed a clean system and ran the NAV update with PG in learning mode....so luall.exe needed the install services/drivers ability).

 

Thanks vikorr i'll try that, but i you don't need to be in learning mode to be alerted to that (the tray icon flashes red when it blocks anything). Maybe it's to do with the two versions of NAV? well i'll give it a go anyway.Cheers

Tonyjl